5a4ff810da10adacd1e3857134ebb0e733e19ca025560e24c11bd7cb1fa1d401

General

Target

6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
Size

84KB
MD5

6be55e4c02e838cd28437b5591eabe20
SHA1

5deeacd3fe88f4c40cd054d46145f8539702ba3b
SHA256

5a4ff810da10adacd1e3857134ebb0e733e19ca025560e24c11bd7cb1fa1d401
SHA512

60ceb54aebbbeb6e12fa67e61e9b2d0d59a6a3d6a0c3513b79588381a1c4f6869862461ddecac5f46f65b78ccf5c9114868c351ebe01e8fd87c5ede9d3b1cdce
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDa2I:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDaZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (598) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2876

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
84KB

MD5
e65ecf09cea66c077a761346f8cecf99

SHA1
e432bcbb77e77ab21678f44dd43ff23305a18f42

SHA256
a9a22e19022ab841a22222cb3ffeb160fe36712da3aa151bfbed6570d8f1901e

SHA512
82749cdc2184ff59b53ba1973f86dfda1a5e5656dc8a6fef4115749284f72fef75a8610e4f895d18bb74c991050e08b893180e603a4425f49a0998f2f87e8bd7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
9cc92346a326cd7be8b09f0b0ce1a4d0

SHA1
1a275535a441a724bd083b8108f182d571433d8c

SHA256
312db3a2e5cc0dddc913c32a19c4a84bc8bedb959b4d8a0dd444319b0c969f15

SHA512
91e20f27d6710718f2a5135b1a46fc54654c92c3a65748d7e336ce412e7a297c61ae03619c6323002a36ccf997bcc02183226ccd15e166a46891984e7930d829

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads